Soatok Dreamseeker
Soatok Dreamseeker
> I would suggest that if using bcrypt for >72char is deemed inappropriate, perhaps it should fall back to the current phpass stretched-md5 hashing method, especially if no consensus can...
This is a high priority issue for me.
> I didn't find a commonly used constant-time string comparison function in the standard library or QCA. Do you have any recommendations? https://github.com/jedisct1/libsodium/blob/1012bbc380c81bf7782a85d43c2c9ed7caf8c8b9/src/libsodium/sodium/utils.c#L186-L208 > And have you considered making a...
> instead of adding some random anons npm package to your dependency chain I can't tell if you're trying to neg me or call out the entire front-end developer profession.
Just wanted to notify anyone following this thread that [an addendum has been added to the blog post](https://soatok.blog/2025/11/19/moving-beyond-the-npm-elliptic-package/#addendum-2025-11-21). The addendum identifies additional unpatched cryptographic weaknesses in elliptic. This time, it...
Well, you're an AI guy. Why don't you ask Grok if Soatok is a reputable or trustworthy cryptography engineer? I'm sure that conversation will be enlightening.
Big surprise that Grok is wrong. My recommendation was to use noble-curves, and the shim is an intermediate step if migrating is painful. It's a fallback option, not the primary...
I didn't get "defensive' about your suggestion. I do take issue with being dismissed as "some anon" when I'm the one actually trying to fix problems. What have you done...
> I did warn about some guy trying to push a potential supply chain attack into many crypto wallets, does that count? And that is where you cross the line...
I'm curious if [CVE-2024-31497](https://github.com/advisories/GHSA-6p4c-r453-8743) applies. Let's walk through the code: https://github.com/indutny/elliptic/blob/9b77436a59cc35eccf4ffb848259c8762a492ee7/lib/elliptic/curves.js#L109-L134 So we see that their P-521 code is using a generic curve construction, rather than special-purpose code. Not a...